Items Tagged with "Training"

While there has been some optimism around the potential for closing the massive cybersecurity skills gap by training more people, training alone will not address the massive skills gap the country faces.

An information security training program is crucial for ensuring and maintaining a good security posture; in order to effectively manage this program you have to be able to measure it. This article introduces a concept recommended by NIST in their Special Publication 800-16, for evaluating training effectiveness.

As security professionals, we have to understand that not everyone has a passion for security. In fact, most people don’t. Given that we know “they” don’t share our passion, and we know they are the most vulnerable attack vector, why do we continue to bore them with homogenous and irrelevant training?

It's up for each organization to monitor their threats and weaknesses and use the appropriate set of controls to minimize their risk to an acceptable level. Perhaps security awareness is part of that ... perhaps it is not.

Cyber Ranges as these networks are now often referred to, are fun! And they’re extremely useful in developing real-world skills without disappearing behind bars. It’s not even a new idea; various militaries have been doing it for a while now...

The goal of Security BSides is to expand the spectrum of conversation beyond the traditional confines of space and time. The conferences create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration...

Hacker Halted 2012 was full of personalities; executives, technologists, students and security enthusiasts – each one with stories that fueled conversations and debate. Technical and business erudition dominated the speaker sessions and the hacking competitions...

When I was asked to come out to Quebec for a conference called Hackfest.CA, I was interested because this isn't a conference I had heard of, and it wasn't on my radar. Additionally, the name suggests it's geared towards the 'hackers' and quite frankly, I'm fairly out of practice...

BSidesJackson was the 1st infosec conference to be held in Mississippi. I organized BSidesJackson because I believe in infosec, and I also believe that having a local infosec community is essential...no matter where you work or what type of information/networks you must protect...

The CISSP is the most popular and arguably most valuable information security certification. While SANS GIAC certifications are technically more intensive, the CISSP is the 900-pound gorilla of information security certifications.
For those looking review guide, CISSP for Dummies is a worthwhile reference...

"Our team is extremely pleased with the high caliber, diversity and expertise of the confirmed speakers we have secured for this event. Having such a dynamic lineup of highly respected industry professionals to share their knowledge and inspire those seeking employment..."

While ours is a friendly community, I did observe my share of bad behavior from a small minority in our community. So here is my short list of ways you can avoid being a (jerk term) at a con. If we all were to follow even these 4 simple rules the infosec world would be a better place...

As always happens in a multi-track con, I was unable to attend every talk, so don't take offense if you spoke and your talk isn't listed here. I received many good reports from my students who attended different talks. None of my students complained about any bad talks...

From giant industry events, analyst events, regional events, hacker cons, to any kind of gathering you can think of including conferences on boats, trains, and buses. At any given time, you can find a security conference happening. What is it about the industry that loves an event?

A disturbing trend in security conferences is meta-talks that have nothing to do with pwning stuff. Burnout, sexism, career advice, economics, recruiting, food, exercise and other presentations on what's wrong with the security industry, are replacing actual knowledge transfer...

As my perspective in infosec comes from my role as a Cyberspace Operations Officer in the Air Force, where most people say “infosec” I say “cyber” and try to speak on the broader domain impacts, deterrence, sharing threat intelligence, education, and the importance of working together...